
Fix CVE-2022-29526 vulnerability caused by golang.org/x/sys?

Open amosricky opened this issue 3 years ago • 2 comments


It seems there is a medium-level problem. The current golang.org/x/sys version in go.mod is v0.0.0-20210320140829-1e4c9ba3b0c4. This problem has already been fixed in version 0.0.0-20220412211240-33da011f77ad. Please help with this, thank you.

amosricky avatar Jul 29 '22 04:07 amosricky

fork https://github.com/Potterli20/go-flags-fork

Potterli20 avatar Aug 18 '22 02:08 Potterli20

Running govulncheck on this library gives us the following output, so maybe this isn't a problem.

$ govulncheck ./...                                  
Scanning your code and 49 packages across 2 dependent modules for known vulnerabilities...

=== Informational ===

Found 1 vulnerability in packages that you import, but there are no
call stacks leading to the use of this vulnerability. You may not need
to take any action.
See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck for details.

Vulnerability #1: GO-2022-0493
    Incorrect privilege reporting in syscall and golang.org/x/sys/unix
  More info: https://pkg.go.dev/vuln/GO-2022-0493
  Module: golang.org/x/sys
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]

No vulnerabilities found.

Share feedback at https://go.dev/s/govulncheck-feedback.

sivakusayan avatar Jan 28 '24 05:01 sivakusayan
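
The version comparison behind the report above, as an added example that is not part of the thread or of go-flags: it reads the golang.org/x/sys requirement from a go.mod and checks whether it sorts before the fixed pseudo-version quoted in the issue. The go.mod text, module name and function names are constructed for illustration; the check only says whether the pinned version is older, not whether the affected code is reachable, which is what govulncheck's call-stack analysis adds.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Fixed pseudo-version quoted in the issue.
const fixedSys = "v0.0.0-20220412211240-33da011f77ad"

// Constructed go.mod; only the x/sys version comes from the issue.
const sampleGoMod = `module example.com/constructed

require golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4
`

var pseudoRE = regexp.MustCompile(`^v0\.0\.0-(\d{14})-[0-9a-f]{12}$`)

// sysVersion returns the golang.org/x/sys version a go.mod requires.
func sysVersion(gomod string) (string, bool) {
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line := strings.TrimPrefix(strings.TrimSpace(sc.Text()), "require ")
		if f := strings.Fields(line); len(f) >= 2 && f[0] == "golang.org/x/sys" {
			return f[1], true
		}
	}
	return "", false
}

// predatesFix reports whether v sorts before the fixed pseudo-version.
func predatesFix(v string) (bool, error) {
	if m := pseudoRE.FindStringSubmatch(v); m != nil {
		// Same base version, so the 14-digit UTC timestamps decide the order.
		return m[1] < pseudoRE.FindStringSubmatch(fixedSys)[1], nil
	}
	if !strings.HasPrefix(v, "v") || strings.HasPrefix(v, "v0.0.0-") {
		return false, fmt.Errorf("cannot order version %q", v)
	}
	return false, nil // tagged release: sorts after any v0.0.0 pseudo-version
}

func main() {
	v, _ := sysVersion(sampleGoMod)
	old, err := predatesFix(v)
	fmt.Println(v, "predates fix:", old, "error:", err)
}
```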